
	Home > Ask the Security Experts > Expert Archive: Security Management Questions & Answers > During a breach, how much information should be given out?

Ask The Security Expert: Questions & Answers

EMAIL THIS

During a breach, how much information should be given out?

EXPERT RESPONSE FROM: Mike Rothman, past SearchSecurity.com expert

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 27 May 2008
During the immediate aftermath of a security breach, how much information am I required to give to other people working in the company? As a security professional, do I just need to let them know how business operations will be affected, or should I let them know details of the breach so they know what might have been compromised and where to be careful?

BROWSE BY TAG

Expert Archive: Security Management, Network Intrusion Detection and Analysis, Enterprise Network Security, Information Security Incident Response, Information Security Policies, Procedures and Guidelines, Information Security Management, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Expert Archive: Security Management
	What is the GISP certification and how does it compare to the CISSP certification?
	Using a QSA to write up a PCI DSS report on compliance (ROC)
	How can gap analysis be applied to the security SDLC?
	Comparing low-cost security appliances to bigger, pricier appliances
	What are some tips on protecting my security budget in a poor economy?
	What value do research firms provide to their subscribing enterprises?
	What certificate offers the best ROI for an IT project manager?
	Is insider activity or outsider activity a bigger enterprise threat?
	How does information security prevent fraud in the enterprise?
	Differences between an SAS 70 data center and a Tier III data center

Information Security Incident Response

Tying log management and identity management shortens incident response

Tabletop exercises sharpen security and business continuity

Security book chapter: Applied Security Visualization

The challenges of incident response plans and procedures

CISOs, human resources cooperation vital to security

After a data breach, are there legal implications of sharing details?

Boosting morale of the information security staff after a data breach

Recovering stolen laptops one step at a time

IT security pros face challenge during economic crisis

Spotlight article: Domain 9, Physical Security

Information Security Incident Response Research

Information Security Policies, Procedures and Guidelines

Twitter risks, Facebook threats trouble security pros

Cybersecurity czar candidate questions clout of new position

Incident response planning

The basics of enterprise GRC project management

RSA council addresses growing security risks in the cloud

How to write a risk methodology that blends business, security needs

Risk management must include physical-logical security convergence

DHS fills National Cybersecurity Center post

New partnerships, creative thinking help security bust recession

Experts optimistic of Obama cybersecurity plan

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

incident response (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

When thinking about incident response, communication is critical. Organizations need to think about communication in two phases. The first phase takes place during the incident; say as little as possible because it may be unclear who is responsible, and giving away too much could impede a possible investigation. Send out a blanket statement saying there has been a security breach, it's under investigation and the company will have an official statement as quickly as possible. The people that are directly affected need to understand how and what they should be doing, but until the storm blows past, keep a tight lid on information.

In the aftermath of a security incident, it's wise for organizations to do a formal post-mortem. This is the second phase of communication. Employees need to understand what happened, who was responsible and, most importantly, what new processes and/or controls should be implemented to make sure it doesn't happen again. A big part of these lessons learned is to communicate to the staff at large.

Don't point fingers or make an example of anyone, but do use the security incident as an internal case study; it's a great example of how to leverage something current and timely to educate employees. Alternatively, consider using another company's breach as an educational device. Of course, that won't be as timely or effective, but at least it won't be coming on the heels of the company's own breach.

More information:

Learn more about preventing identity theft with these data loss prevention tools.
Security breach mangement: Read more about planning and preparation.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy